Allowed/en

allowed is a Helper module to secure and restrict access to the server services (FHEM web server and telnet) provided by fhem.pl.

Introduction

By default every device connected to the same network^[1] the FHEM server is part of could connect and steer FHEM without encryption or need for user or password data. FHEM will therefore present a security warning. Defining an allowed device is one of the available options to set.

Most likely you want to make use of allowed to

• allow access to FHEM coming out of other networks and/or
• restrict the possibility to access FHEM (or at least get not full control over all of your devices and configuration) for members of the same network.

Syntax

To define an allowed device for one or more FHEMWEB or telnet-Interfaces use

    define <name> allowed <deviceList>

Additional Remarks

If you plan to make FHEM accessible not only from a local net, it is highly recommended to not just use allowed but to apply also additional security measures. Possible options could be the use of VPN technologies (Virtual Private Network) and/or the installation of a Reverse-Proxy-Server like Apache or nginx. For the web server interfaces provided with FHEMWEB it is also highly recommended to use the attribute HTTPS to activate HTTPS enchryption on communication. For telnet (being more or less also a TCP/IP Port) please use SSL als an attribute.

Examples

Introduce authentification with user and password for common FHEMWEB entity:

    define allowedWEB allowed
    attr allowedWEB validFor WEB,WEBphone,WEBtablet
    attr allowedWEB basicAuth { "$user:$password" eq "admin:secret" }
    attr allowedWEB allowedCommands set,get

Same for telnet:

    define allowedTelnet allowed
    attr allowedTelnet validFor telnetPort
    attr allowedTelnet password secret